From c508960fc38c2826749f78e8e8f6e014147ac9c8 Mon Sep 17 00:00:00 2001
From: Timm Fitschen <t.fitschen@indiscale.com>
Date: Mon, 25 Apr 2022 16:26:16 +0200
Subject: [PATCH] DOC: update docs for ldap.env

---
 misc/pam_authentication/ldap.env | 9 ++++-----
 1 file changed, 4 insertions(+), 5 deletions(-)

diff --git a/misc/pam_authentication/ldap.env b/misc/pam_authentication/ldap.env
index c40018c2..958b3c62 100644
--- a/misc/pam_authentication/ldap.env
+++ b/misc/pam_authentication/ldap.env
@@ -11,10 +11,9 @@ export LDAPURI="ldap[s]://<ldap-service>[:<port>]/"
 export USER_BASE="dc=example,dc=org" # for actual LDAP servers
 #export USER_BASE="example.org" # for MS Active Directory
 
-# REQUIRED if USER_BASE is configured for LDAP servers. The BIND_DN_PATTERN is
-# used to construct the DN from the USER_NAME and the USER_BASE. Be sure to
-# surround it with single quotation marks "'" because the variable are to be
-# expanded by the script. Defaults to the first
+# The BIND_DN_PATTERN is used to construct the DN from the USER_NAME and the
+# USER_BASE. Be sure to surround it with single quotation marks "'" because the
+# variable are to be expanded by the script. Defaults to the first
 #export BIND_DN_PATTERN='cn=${USER_NAME},${USER_BASE}' # for actual LDAP servers.
 #export BIND_DN_PATTERN='${USER_NAME}@${USER_BASE}' # for MS Active Directory
 
@@ -28,7 +27,7 @@ export USER_BASE="dc=example,dc=org" # for actual LDAP servers
 #export LDAPTLS_REQCERT=never
 #export LDAPTLS_REQCERT=allow
 #export LDAPTLS_REQCERT=try
-export LDAPTLS_REQCERT=hard
+#export LDAPTLS_REQCERT=hard
 
 # Specifies the file that contains certificates for all of the Certificate
 # Authorities the client will recognize.
-- 
GitLab